How to configure IPv4, Grouping and Policy in Fortigate Firewall?
In this article, we will give you some information about how to do routine operations such as IPv4 address creation, grouping, and policy creation on your Fortigate Firewall devices through CLI console.
First you can access the CLI console via the web interface or SSH with Putty.
I want to give you some brief information about the commands first.
The “Config“ command allows you to move to the configuration section.
The “Edit“ command is used to create or edit as needed.
The “Set” command is used to add and configure, IP, add members, etc.
The “Next“ gives you a chance to make a new operation in the corresponding config directory.
The “End“ command is used to exit config. We can start now.
First, add an IP address,
We would like to add two IP addresses, “testugur” and “testugur2”.
1 2 3 4 5 | config firewall address edit “denemeugur” set subnet 192.168.5.69 255.255.255.255 next end |

Now we create an IP group and add the IP addresses we created above to this group,
1 2 3 4 5 | config firewall addrgrp edit “denemegrup” set member “denemeugur” “denemeugur2” next end |
Now we control our operations through the firewall interface. If you look at our addresses and group has been created.

Now we create a policy rule. For example, we create a policy rule without restrictions.
1 2 3 4 5 6 7 | config firewall policy edit 55 set name “testpolicyugur” set srcintf “lan” set dstintf “wan2” |
Note: ID number for ”Edit 55
”policy, If you give the ID number of a used policy, that policy will be edited.
1 2 3 | set srcaddr “all” set dstaddr “all” set action accept |
Note: set srcaddr “all
“ da in this section we could specify the address group we created above and customize the rule to these addresses only.
1 2 3 | set schedule “always” set service “ALL” next |
We check from the web interface, no problems appear. We see that all the settings we specify are created as intended.


You can do the above and similar configuration tasks on the Fortigate firewall using the correct commands through the CLI console.
I hope it has been a useful article.